=== Stack gap handling improvements

Contact: Dawid Gorecki <dgr@semihalf.com> +
Contact: Marcin Wojtas <mw@semihalf.com>

Stack gap is a feature that randomizes the stack address by creating a random sized gap between the top of stack and strings area.
The current implementation of this mitigation can cause issues for some applications e.g. Firefox (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239873[PR239873]).
Until now the only workaround for this problem was disabling the stack gap for those programs, as is done for https://cgit.freebsd.org/src/commit/usr.sbin/ntp/ntpd?id=af949c590bd8a00a5973b5875d7e0fa6832ea64a[ntpd].

Semihalf team has been working on fixing the root causes of stack gap related problems.

One of the issues could be observed when setting the stack limit to a low value with setrlimit(2).
Since the stack gap size can be significant, and the process had no knowledge of how large the stack gap is, this caused programs to abort immediately after returning from a syscall due to the stack extending past the limit.
The fix involves increasing the soft resource limit (rlim_cur) by the size of stack gap during the setrlimit(2) call.
This fixes the issue with ntpd without disabling the stack gap entirely.
The https://reviews.freebsd.org/D31516[patch] is currently under review.

The second identified problem is related to the way the thread stacks are handled.
Thread stacks are calculated using the kern.usrstack sysctl, which should point to the beginning of the stack.
This sysctl returned a constant value depending on the ABI and the presence of the stack gap was ignored.
A new sysctl was introduced, and the thread library was updated to use it accordingly.
Patches https://reviews.freebsd.org/D31897[D31897] and https://reviews.freebsd.org/D31898[D31898] are currently under discussion.
These fix the issues with Firefox and Thunderbird not starting with the stack gap feature enabled.

Sponsor: Stormshield
